Home / Technology / 14,000+ Routers Assimilated into Doppelgänger Botnet
14,000+ Routers Assimilated into Doppelgänger Botnet
11 Mar
Summary
- New KadNap malware has infected over 14,000 routers.
- The botnet utilizes a custom Kademlia DHT for resilience.
- The proxy network, Doppelgänger, is already active.
A sophisticated new malware named KadNap has emerged, successfully assimilating over 14,000 routers into a botnet within a year.
Security researchers revealed that the majority of these compromised devices are made by Asus, though the attackers may not be specifically targeting the brand. The United States accounts for 60% of the infections, with the remaining 40% spread across Taiwan, Hong Kong, Russia, the UK, Australia, Brazil, France, Italy, and Spain.
What distinguishes KadNap is its innovative use of a custom Kademlia Distributed Hash Table (DHT) protocol. This peer-to-peer system allows the botnet to conceal its infrastructure IPs and establish robust communication channels that are exceptionally hard to disrupt, by blending into legitimate traffic.
KadNap is reportedly used to construct the Doppelgänger proxy network, which appears to be a rebranded version of the earlier Faceless network. This proxy network has already been deployed and is actively operating in the wild, posing a significant threat.
